19. Authenticating Users with a Database

Abstract

Chapter 11 showed you the principles of user authentication and sessions to password-protect parts of your web site, but the login scripts all relied on usernames and passwords stored in a CSV file. Keeping user details in a database is both more secure and more efficient. Instead of just storing a list of usernames and passwords, a database can store other details, such as first name, family name, email address, and so on. Databases also give you the option of using either hashing (one-way and irreversible) or encryption (two-way). In the first section of this chapter, we’ll examine the difference between the two. Then you’ll create registration and login scripts for both approaches.